WARNING: High-severity vulnerability in Ivanti Endpoint Manager Mobile (formerly MobileIron Core)

Reference:
Advisory #2023-90

Version:
1.0

Affected software:
Ivanti Endpoint Manager Mobile versions 11.10
Ivanti Endpoint Manager Mobile versions 11.8
Ivanti Endpoint Manager Mobile versions 11.9
Older, unsupported versions of Ivanti Endpoint Manager Mobile

Type:
Remote Arbitrary File Write

CVE/CVSS:
CVE-2023-35081
CVSS: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Sources

https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US

Risks

The vulnerability has a HIGH impact on Confidentiality, Integrity, and Availability. User interaction is not required to exploit this vulnerability and the attack complexity is low.

Furthermore, this vulnerability is now being actively exploited in attacks.

Description

CVE-2023-35081: Remote Arbitrary File Write

This remote arbitrary file write vulnerability affects Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core.

An attacker with administrative rights can exploit the vulnerability to perform arbitrary file writes to the EPMM server, and execute OS commands on the vulnerable system as the tomcat user.

If this vulnerability is used in conjunction with CVE-2023-35078, it no longer needs administrator privileges and bypasses Access Control Lists restrictions.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends system administrators to visit Ivantis’s Customer Portal to download and install the patched versions of this software.

References

https://www.ivanti.com/blog/cve-2023-35081-new-ivanti-epmm-vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35081
https://www.helpnetsecurity.com/2023/07/31/cve-2023-35081/